Re: [openssl-dev] [openssl.org #3883] [PATCH] Add IPv4/IPv6:port-based client cache

[Short, Todd via RT]

Updates to the IPv4/IPv6: port-based client cache patch:

Updated documentation, unit-tests and copyright.

Github link:
https://github.com/akamai/openssl/commit/0a9ec5fc896c0fdc417e60366d03c1d95cc53033

And attached patch.

Thank you.
--
-Todd Short
// tsh...@akamai.com
// "One if by land, two if by sea, three if by the Internet."




0023-RT3883-Add-IPv4-IPv6-port-based-client-cache.patch
Description: Binary data
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #3883] [PATCH] Add IPv4/IPv6:port-based client cache

[Jonathan Larmour via RT]

On 01/06/15 15:22, Short, Todd via RT wrote:
 Re: copyrights:
 
 Planning to copy the (109-line) main copyright from another source file and 
 append to it:
 
 /* 
  * Copyright (C) 2015 Akamai Technologies. ALL RIGHTS RESERVED.
  * This code was originally developed by Akamai Technologies and
  * and contributed to the OpenSSL project.
  */
 
 Acceptable?

Just a little thing I noticed, but your text has and and (separated by a
newline).

Jifl


___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #3883] [PATCH] Add IPv4/IPv6:port-based client cache

[Short, Todd via RT]

Yup, we noticed that too. 

--
-Todd Short
// tsh...@akamai.com
// Sent from my iPhone
// One if by land, two if by sea, three if by the Internet.


 On Jun 5, 2015, at 5:27 PM, Jonathan Larmour via RT r...@openssl.org wrote:
 
 On 01/06/15 15:22, Short, Todd via RT wrote:
 Re: copyrights:
 
 Planning to copy the (109-line) main copyright from another source file and 
 append to it:
 
 /* 
 * Copyright (C) 2015 Akamai Technologies. ALL RIGHTS RESERVED.
 * This code was originally developed by Akamai Technologies and
 * and contributed to the OpenSSL project.
 */
 
 Acceptable?
 
 Just a little thing I noticed, but your text has and and (separated by a
 newline).
 
 Jifl
 
 


___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #3883] [PATCH] Add IPv4/IPv6:port-based client cache

[Short, Todd via RT]

Re: copyrights:

Planning to copy the (109-line) main copyright from another source file and 
append to it:

/* 
 * Copyright (C) 2015 Akamai Technologies. ALL RIGHTS RESERVED.
 * This code was originally developed by Akamai Technologies and
 * and contributed to the OpenSSL project.
 */

Acceptable?
--
-Todd Short
// tsh...@akamai.commailto:tsh...@akamai.com
// “One if by land, two if by sea, three if by the Internet.

On May 31, 2015, at 9:27 AM, Salz, Rich via RT 
r...@openssl.orgmailto:r...@openssl.org wrote:


(Documentation is in the source files, not a .pod)

Do you have code to produce usable manpages from the embedded
documentation?  We can't ask users to read the source.

I believe Todd meant for the test program.


   * The copyright notice does not refer to any license that would allow
 inclusion in OpenSSL.

Sigh.  We'll fix that to just submit with the akamai copyright and openssl 
license.





___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #3883] [PATCH] Add IPv4/IPv6:port-based client cache

[Short, Todd via RT]

Note that this (almost) is identical to the Sun Microsystems contribution 
copyright in s3_both.c, s3_clnt.c s3_lib.c s3_srvr.c, ssl_cert.c ssl_ciph.c, 
ssl_lib.c and ssl_locl.h…

--
-Todd Short
// tsh...@akamai.commailto:tsh...@akamai.com
// “One if by land, two if by sea, three if by the Internet.

On Jun 1, 2015, at 10:22 AM, Short, Todd via RT 
r...@openssl.orgmailto:r...@openssl.org wrote:

Re: copyrights:

Planning to copy the (109-line) main copyright from another source file and 
append to it:

/* 
* Copyright (C) 2015 Akamai Technologies. ALL RIGHTS RESERVED.
* This code was originally developed by Akamai Technologies and
* and contributed to the OpenSSL project.
*/

Acceptable?
--
-Todd Short
// tsh...@akamai.commailto:tsh...@akamai.commailto:tsh...@akamai.com
// “One if by land, two if by sea, three if by the Internet.

On May 31, 2015, at 9:27 AM, Salz, Rich via RT 
r...@openssl.orgmailto:r...@openssl.orgmailto:r...@openssl.org wrote:


(Documentation is in the source files, not a .pod)

Do you have code to produce usable manpages from the embedded
documentation?  We can't ask users to read the source.

I believe Todd meant for the test program.


  * The copyright notice does not refer to any license that would allow
inclusion in OpenSSL.

Sigh.  We'll fix that to just submit with the akamai copyright and openssl 
license.





___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #3883] [PATCH] Add IPv4/IPv6:port-based client cache

[Viktor Dukhovni]

On Sat, May 30, 2015 at 09:48:15AM +0200, Short, Todd via RT wrote:

 Hello OpenSSL Org:
 
 This is a change that Akamai has made to its implementation of OpenSSL.
 
 Version: master branch
 Description:  Add IPv4/IPv6:port-based client cache
 
 Update client cache to use IPv4/v6 addresses via sockaddr_storage.
 Add unit tests for client cache
 
 (Documentation is in the source files, not a .pod)

Do you have code to produce usable manpages from the embedded
documentation?  We can't ask users to read the source.
Perhaps a .pod could be generated?

 
 Github link:
 
 https://github.com/akamai/openssl/commit/6bac97c07d7f6eb3015a2b5fe2869b0560a9594a

Apart from documentation, I have two major issues:

* The copyright notice does not refer to any license that would allow
  inclusion in OpenSSL.

* The cache is indexed by ip  port, but the same TCP endpoint
  can serve multiple domains via SNI.  It is wrong to reuse a
  session obtained for one SNI name (server certificate) with
  a different SNI name (different server certificate).


* The use of the session cache hash function appears to be
  wrong.  The session hash is based on the session id, but
  the session used for lookup has just ex_data with the ip/port,
  which don't get used at all.

* Perhaps other issues too, but this is far from ready it seems.

-- 
Viktor.
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #3883] [PATCH] Add IPv4/IPv6:port-based client cache

[Viktor Dukhovni]

On Sun, May 31, 2015 at 06:06:03AM +, Viktor Dukhovni wrote:

 * Perhaps other issues too, but this is far from ready it seems.

Also why is line 399 of ssl_client_cache.c setting s-hit = 1?

-- 
Viktor.
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #3883] [PATCH] Add IPv4/IPv6:port-based client cache

[Salz, Rich via RT]

  (Documentation is in the source files, not a .pod)
 
 Do you have code to produce usable manpages from the embedded
 documentation?  We can't ask users to read the source.

I believe Todd meant for the test program.


 * The copyright notice does not refer to any license that would allow
   inclusion in OpenSSL.

Sigh.  We'll fix that to just submit with the akamai copyright and openssl 
license.



___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #3883] [PATCH] Add IPv4/IPv6:port-based client cache

[Short, Todd via RT]

Many of the changes Akamai has did not include proper documentation. I have 
noted these and will send updated patches when done. I will also update the 
copyrights.

--
-Todd Short
// tsh...@akamai.com
// One if by land, two if by sea, three if by the Internet.


 On May 31, 2015, at 9:27 AM, Salz, Rich via RT r...@openssl.org wrote:
 
 
 (Documentation is in the source files, not a .pod)
 
 Do you have code to produce usable manpages from the embedded
 documentation?  We can't ask users to read the source.
 
 I believe Todd meant for the test program.
 
 
* The copyright notice does not refer to any license that would allow
  inclusion in OpenSSL.
 
 Sigh.  We'll fix that to just submit with the akamai copyright and openssl 
 license.
 
 
 


___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #3883] [PATCH] Add IPv4/IPv6:port-based client cache

[Short, Todd]

Many of the changes Akamai has did not include proper documentation. I have 
noted these and will send updated patches when done. I will also update the 
copyrights.

--
-Todd Short
// tsh...@akamai.com
// One if by land, two if by sea, three if by the Internet.


 On May 31, 2015, at 9:27 AM, Salz, Rich via RT r...@openssl.org wrote:
 
 
 (Documentation is in the source files, not a .pod)
 
 Do you have code to produce usable manpages from the embedded
 documentation?  We can't ask users to read the source.
 
 I believe Todd meant for the test program.
 
 
* The copyright notice does not refer to any license that would allow
  inclusion in OpenSSL.
 
 Sigh.  We'll fix that to just submit with the akamai copyright and openssl 
 license.
 
 
 
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3883] [PATCH] Add IPv4/IPv6:port-based client cache

[Short, Todd via RT]

Hello OpenSSL Org:

This is a change that Akamai has made to its implementation of OpenSSL.

Version: master branch
Description:  Add IPv4/IPv6:port-based client cache

Update client cache to use IPv4/v6 addresses via sockaddr_storage.
Add unit tests for client cache

(Documentation is in the source files, not a .pod)

Github link:

https://github.com/akamai/openssl/commit/6bac97c07d7f6eb3015a2b5fe2869b0560a9594a

And attachment.

Thank you.
--
-Todd Short
// tsh...@akamai.com
// “One if by land, two if by sea, three if by the Internet.”



0002-Add-IPv4-IPv6-port-based-client-cache.patch
Description: Binary data
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev